The locks page_alloc_lock and grant_table.lock are not always taken in the same order. This opens the possibility of deadlock. As a result, a malicious guest administrator can deny service to the entire host.
References:
http://seclists.org/oss-sec/2013/q4/204
Acknowledgements:
Red Hat would like to thank the Xen project for reporting this issue.